1. Field of the Invention
The present invention relates to the field of communications network security and more particularly to electronic messaging security through replicated certificate stores.
2. Description of the Related Art
Security of sensitive information remains a vital concern for any entity that stores and transmits confidential information in secure and insecure networks. Today, there exists a particular concern of securing sensitive information in electronic messaging systems such as E-mail. Electronic messages are often transmitted over public, untrusted networks, creating a significant risk to determine whether the message is authentic or whether it was intercepted and modified. Additionally the risk of message confidentiality exists if an unauthorized party is able to read the contents of the message.
Consequently, entities such as commercial enterprises have been employing various techniques to improve the security of sensitive information contained in electronic messages. In addition to encryption key pairs, digital signature key pairs are generally used to sign electronic messages being sent from one user to another user within a computer network. Verifying signed electronic messages usually require certificates which are typically generated by a trusted certification authority for public keys of private/public key pairs. Thus, a certificate securely binds a public key to the entity that holds the corresponding private key, certifying that the keys are genuinely owned by a trustable source.
Typically, in a secure client-server environment, the client maintains a local repository of certificates replicated from the certificate store of the central server. More particularly, an untrusted certificate store on the client system can be replicated amongst other clients for the same user via the central server—but this replication is done ad hoc. If different users happen to be using the same certificates, the untrusted certificate store for each user must be replicated redundantly on each separate client.
Some clients maintain certificate sharing between users by having a host computing platform-resident repository shared between all users and replicated to all clients; however, in a large diverse user community, this would be impractical due to the size of such a repository. Especially in a system where a single user operates multiple clients, maintaining a separate repository on each client would result in unexpected differences in behavior between the systems since a required certificate might be available in the repository on one client, but not on another client. Additionally, there is no guarantee that a needed certificate will be resident on the client when needed. Thus, these clients must sacrifice memory and system performance due to redundancies and inconsistencies in certificate replication.